Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: support custom CA for redis TLS #1743

Merged
merged 2 commits into from
May 28, 2024
Merged

feat: support custom CA for redis TLS #1743

merged 2 commits into from
May 28, 2024

Conversation

jasonschroeder-sfdc
Copy link
Collaborator

This is to support Google MemoryStore in-transit encryption.

Fixes: #1643

@jasonschroeder-sfdc jasonschroeder-sfdc marked this pull request as ready for review May 17, 2024 04:35
werkt
werkt reviewed May 22, 2024
View reviewed changes
src/main/java/build/buildfarm/instance/shard/JedisClusterFactory.java Outdated
* @return A builder with the SSL context attached.
* @note Suggested return identifier: builder.
*/
private static DefaultJedisClientConfig.Builder attachSslSocketFactoryIfNeeded(
Copy link
Collaborator

@werkt werkt May 22, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we break this out into a separate RedisSSL.java? - it pollutes the namespace of this file substantially and has only static methods to show for it - I'm picturing one road in with the cert file, and one road out with the authentication adapter.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure - shall I place it under src/main/java/build/buildfarm/common/redis/RedisSSL.java ?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup, that will work best.

werkt
werkt approved these changes May 23, 2024
View reviewed changes
Copy link
Collaborator

@werkt werkt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some odd grammatical semantics in there, but looks good. I'll wait until tomorrow to merge.

@jasonschroeder-sfdc
feat: support custom CA for redis TLS
b7f4729 
This is to support Google MemoryStore in-transit encryption.
@jasonschroeder-sfdc
docs(configuration): document redisCertificateAuthorityFile
a1f672d 
Add documentation for `redisCertificateAuthorityFile` and reflow the
Markdown table.
@werkt werkt merged commit 02dc45c into bazelbuild:main May 28, 2024
4 checks passed
@jasonschroeder-sfdc jasonschroeder-sfdc deleted the redis-tls branch May 28, 2024 20:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@werkt werkt werkt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

feat request: support Google MemoryStore in-transit encryption
2 participants
@jasonschroeder-sfdc @werkt